CVE-2023-0978
CVSS V2 None
CVSS V3 None
Description
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
Overview
- CVE ID
- CVE-2023-0978
- Assigner
- trellixpsirt@trellix.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-13T14:15:12
- Last Modified Date
- 2023-03-17T04:03:31
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:mcafee:advanced_threat_defense:*:*:*:*:*:*:*:* | 1 | OR | 4.0 | 4.14.2 |
| cpe:2.3:a:trellix:intelligent_sandbox:5.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:trellix:intelligent_sandbox:5.2:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10397 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0978 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0978 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:20:03 | Added to TrackCVE | |||
| 2023-04-17 06:20:06 | Weakness Enumeration | new |